Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

The following log entries provide an example of Sender Verification verdicts.

Malformed Envelope Senders:

Domain does not exist (NXDOMAIN):

Domain does not resolve (SERVFAIL):

To enable host DNS verification in the CLI, use the 

listenerconfig->edit->hostaccess

 command (see 

the Cisco IronPort AsyncOS CLI Reference Guide for more information).

 shows the types of unverified senders and the corresponding CLI setting:

When you create a public listener, you define all local domains that the appliance will accept messages 
for using the Recipient Access Table (RAT). Many enterprise gateways are configured to receive 
messages for several local domains. For example, suppose your company changed its name. You would 
need to receive email messages for recipients addressed to 

currentcompanyname.com

 and 

oldcompanyname.com

. In this case, both local domains would be included in the RAT for your public 

Thu Aug 10 10:14:10 2006 Info: ICID 3248 Address: <user> sender rejected, envelope 

sender domain missing

Wed Aug  9 15:39:47 2006 Info: ICID 1424 Address: <user@domain.com> sender rejected, 

envelope sender domain does not exist

Wed Aug  9 15:44:27 2006 Info: ICID 1425 Address: <user@domain.com> sender rejected, 

envelope sender domain could not be resolved

Connecting host PTR record does not exist in the DNS.

nx.domain

Connecting host PTR record lookup fails due to temporary DNS 
failure.

serv.fail

Connecting host reverse DNS lookup (PTR) does not match the 
forward DNS lookup (A)

not.double.verified